Skip to content

Compromised jscrambler 8.14.0 npm Release Drops Rust Infostealer During Install

  • by

​Version 8.14.0 of the jscrambler npm package shipped with a malicious preinstall hook that silently drops and runs a native infostealer during installation, one build each for Windows, macOS, and Linux.

Published on July 11, 2026, it needs no import and no CLI call. Installing 8.14.0 is enough to run it.

Socket flagged the release six minutes after it was Version 8.14.0 of the jscrambler npm package shipped with a malicious preinstall hook that silently drops and runs a native infostealer during installation, one build each for Windows, macOS, and Linux.

Published on July 11, 2026, it needs no import and no CLI call. Installing 8.14.0 is enough to run it.

Socket flagged the release six minutes after it was  The Hacker News

Leave a Reply

Your email address will not be published. Required fields are marked *